Posted to commits@cxf.apache.org by co...@apache.org on 2017/02/20 17:31:13 UTC

[2/2] cxf-fediz git commit: Add support for a config option to automatically redirect to the RP after logout

Add support for a config option to automatically redirect to the RP after logout


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/5667ed43
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/5667ed43
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/5667ed43

Branch: refs/heads/master
Commit: 5667ed43af372034782fe1f69ac03bb58db3a539
Parents: d48929d
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Feb 20 17:11:27 2017 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Feb 20 17:11:27 2017 +0000

----------------------------------------------------------------------
 .../org/apache/cxf/fediz/service/idp/domain/Idp.java   | 13 ++++++++++++-
 .../fediz/service/idp/service/jpa/IdpDAOJPAImpl.java   |  2 ++
 .../cxf/fediz/service/idp/service/jpa/IdpEntity.java   | 10 ++++++++++
 services/idp/src/main/resources/entities-realma.xml    |  1 +
 .../WEB-INF/flows/federation-validate-request.xml      | 12 +++++++++---
 5 files changed, 34 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/5667ed43/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Idp.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Idp.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Idp.java
index 0674b5a..2fc7a64 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Idp.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/domain/Idp.java
@@ -35,7 +35,8 @@ import javax.xml.bind.annotation.XmlType;
 @XmlType(propOrder = {"realm", "uri", "serviceDisplayName", "serviceDescription", "idpUrl", "stsUrl",
                      "certificate", "certificatePassword", "provideIdpList", "useCurrentIdp", "hrds",
                      "rpSingleSignOutConfirmation", "supportedProtocols", "tokenTypesOffered", "claimTypesOffered",
-                     "authenticationURIs", "applications", "trustedIdps", "id", "rpSingleSignOutCleanupConfirmation" })
+                     "authenticationURIs", "applications", "trustedIdps", "id", "rpSingleSignOutCleanupConfirmation",
+                     "automaticRedirectToRpAfterLogout"})
 public class Idp implements Serializable {
 
     private static final long serialVersionUID = -5570301342547139039L;
@@ -117,6 +118,8 @@ public class Idp implements Serializable {
 
     // Is explicit confirmation required when the "cleanup" URL is called
     private boolean rpSingleSignOutCleanupConfirmation;
+    
+    private boolean automaticRedirectToRpAfterLogout;
 
     @XmlAttribute
     public int getId() {
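Review bot: The new field `automaticRedirectToRpAfterLogout` has no comment, unlike `rpSingleSignOutCleanupConfirmation` directly above it. A line such as `// If true, redirect the browser to the RP's wreply address after logout instead of showing the signout response page` would record what the flag controls; as a primitive `boolean` it defaults to `false`, which keeps the response page. The added separator line also carries trailing whitespace. The same applies to the field added in IdpEntity.java.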
@@ -301,4 +304,12 @@ public class Idp implements Serializable {
         this.rpSingleSignOutCleanupConfirmation = rpSingleSignOutCleanupConfirmation;
     }
 
+    public boolean isAutomaticRedirectToRpAfterLogout() {
+        return automaticRedirectToRpAfterLogout;
+    }
+
+    public void setAutomaticRedirectToRpAfterLogout(boolean automaticRedirectToRpAfterLogout) {
+        this.automaticRedirectToRpAfterLogout = automaticRedirectToRpAfterLogout;
+    }
+
 }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/5667ed43/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/IdpDAOJPAImpl.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/IdpDAOJPAImpl.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/IdpDAOJPAImpl.java
index f085333..f2a23bd 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/IdpDAOJPAImpl.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/IdpDAOJPAImpl.java
@@ -294,6 +294,7 @@ public class IdpDAOJPAImpl implements IdpDAO {
         entity.setUseCurrentIdp(idp.isUseCurrentIdp());
         entity.setRpSingleSignOutConfirmation(idp.isRpSingleSignOutConfirmation());
         entity.setRpSingleSignOutCleanupConfirmation(idp.isRpSingleSignOutCleanupConfirmation());
+        entity.setAutomaticRedirectToRpAfterLogout(idp.isAutomaticRedirectToRpAfterLogout());
 
         entity.getAuthenticationURIs().clear();
         for (Map.Entry<String, String> item : idp.getAuthenticationURIs().entrySet()) {
@@ -328,6 +329,7 @@ public class IdpDAOJPAImpl implements IdpDAO {
         idp.setUseCurrentIdp(entity.isUseCurrentIdp());
         idp.setRpSingleSignOutConfirmation(entity.isRpSingleSignOutConfirmation());
         idp.setRpSingleSignOutCleanupConfirmation(entity.isRpSingleSignOutCleanupConfirmation());
+        idp.setAutomaticRedirectToRpAfterLogout(entity.isAutomaticRedirectToRpAfterLogout());
 
         if (expandList != null && (expandList.contains("all") || expandList.contains("applications"))) {
             for (ApplicationEntity item : entity.getApplications()) {

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/5667ed43/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/IdpEntity.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/IdpEntity.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/IdpEntity.java
index 1430fbc..af1ee49 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/IdpEntity.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/service/jpa/IdpEntity.java
@@ -136,6 +136,8 @@ public class IdpEntity {
     private String serviceDescription;
 
     private boolean rpSingleSignOutCleanupConfirmation;
+    
+    private boolean automaticRedirectToRpAfterLogout;
 
 
     public int getId() {
@@ -298,4 +300,12 @@ public class IdpEntity {
         this.rpSingleSignOutCleanupConfirmation = rpSingleSignOutCleanupConfirmation;
     }
 
+    public boolean isAutomaticRedirectToRpAfterLogout() {
+        return automaticRedirectToRpAfterLogout;
+    }
+
+    public void setAutomaticRedirectToRpAfterLogout(boolean automaticRedirectToRpAfterLogout) {
+        this.automaticRedirectToRpAfterLogout = automaticRedirectToRpAfterLogout;
+    }
+
 }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/5667ed43/services/idp/src/main/resources/entities-realma.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/resources/entities-realma.xml b/services/idp/src/main/resources/entities-realma.xml
index 61cfa0d..c1e4058 100644
--- a/services/idp/src/main/resources/entities-realma.xml
+++ b/services/idp/src/main/resources/entities-realma.xml
@@ -36,6 +36,7 @@
         <property name="stsUrl" value="https://localhost:9443/fediz-idp-sts/REALMA" />
         <property name="idpUrl" value="https://localhost:9443/fediz-idp/federation" />
         <property name="rpSingleSignOutConfirmation" value="true"/>
+        <property name="automaticRedirectToRpAfterLogout" value="false"/>
         <property name="supportedProtocols">
             <util:list>
                 <value>http://docs.oasis-open.org/wsfed/federation/200706</value>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/5667ed43/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml b/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
index ea9ce68..6d90263 100644
--- a/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
+++ b/services/idp/src/main/webapp/WEB-INF/flows/federation-validate-request.xml
@@ -232,9 +232,9 @@
     </view-state>
 
     <view-state id="redirect" view="externalRedirect:#{flowScope.wreply}" />
-
+    
     <!-- normal exit point for logout -->
-    <end-state id="invalidateSessionAction" view="signoutresponse">
+    <decision-state id="invalidateSessionAction">
         <on-entry>
             <!-- store the realmConfigMap in the request map before we invalidate the session below.
             Its needed in the signoutresponse.jsp page -->
@@ -247,7 +247,13 @@
             <evaluate expression="homeRealmReminder.removeCookie(flowRequestContext)" />
             <evaluate expression="logoutAction.submit(flowRequestContext)" />
         </on-entry>
-    </end-state>
+        <if test="flowScope.idpConfig.isAutomaticRedirectToRpAfterLogout()"
+            then="redirectToRPLogoutPage" else="showLogoutResponsePage" />
+    </decision-state>
+    
+    <end-state id="showLogoutResponsePage" view="signoutresponse" />
+    
+    <end-state id="redirectToRPLogoutPage" view="externalRedirect:#{flowScope.wreply}" />
 
     <!-- redirect to remote idp -->
     <end-state id="redirectToTrustedIDP" view="externalRedirect:#{flowScope.remoteIdpUrl}">
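Review bot: The new `redirectToRPLogoutPage` end-state sends the browser to `flowScope.wreply` with no user interaction, and nothing in this hunk shows that `wreply` has been checked against the logout address registered for the requesting RP. If that validation does not happen earlier in the flow, enabling `automaticRedirectToRpAfterLogout` would make the signout URL usable as an open redirect, so it should be confirmed (or added) before this state is reachable. The `if` test also does not cover a signout request that carries no `wreply`; falling back to the response page would be safer, e.g. `test="flowScope.idpConfig.isAutomaticRedirectToRpAfterLogout() and flowScope.wreply != null"`. The `decision-state` element opens in the previous hunk (`@@ -232,9 +232,9 @@`), and its `on-entry` block is only partly visible here.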